Hello,
I’m using SonarQube Developer edition 8.9 (full install on a dedicated machine) in an Azure DevOps environment, running against a scan using the Maven SonarQube plug-in. I can successfully run a SonarQube scan using an ADO build pipeline and the results correctly show up in SonarQube, but when we run that same pipeline as part of a build policy against a Pull Request, we don’t get decoration.
So far, I’ve re-checked all the settings in Azure DevOps integration and as far as I can tell, they’re correct. I’ve re-checked my ADO authorization token and it’s correct and I’ve confirmed that the account associated with that token has code read/write permissions. I’ve turned on debug logging and checked the CE log to see if there are any error messages, but I see no errors or warnings (or anything that looks remotely troublesome). As far as SonarQube is concerned, it seems to believe it succeeded. I’ve double-checked the policies being enforced to make sure my test code violates some of them. In all cases, scans of PRs in this repo don’t yield comments on the associated PRs.
The most frustrating part of this whole thing is that I have, as far as I can tell, identical settings on a different repo, and the annotations work fine there. The other repo is much less complex, and much smaller (and also has a MUCH shorter build time, so it’s easier to test with), so it’s entirely possible that some complexity there has hosed me, but at this point I don’t even know how to begin to find it. I’m out of ideas.
If it helps, our pipeline looks like this:
```yaml
trigger:
- release/*
- main
stages:
- stage: Sonar
  displayName: Run Sonar
  jobs:
  - job: Run_Sonar
    timeoutInMinutes: 240
    displayName: Run Sonar
    pool: 'General'
    variables:
    - template: '../Vars/VariablesAllPipelines.yml'
    steps:
    # Prepare Analysis Configuration task
    - task: SonarQubePrepare@5
      inputs:
        SonarQube: 'our.sonarqube.server'
        scannerMode: 'Other'
        extraProperties: 'sonar.projectKey=our.repo.name.git'
    - task: Maven@3
      timeoutInMinutes: 120
      inputs:
        mavenPomFile: 'components/pom.xml'
        goals: 'clean install'
        options: '-PbuildServices,sonar -Dsonar.projectKey=our.repo.name.git -Dsonar.host.url=http://our.sonarqube.server -Dsonar.login=OURTOKENAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -D sonar.exclusions=**/*.html,**/*.css,**/*.wsdl,**/*.xml -D sonar.coverage.jacoco.xmlReportPaths=${project.build.directory}/target/'
        mavenOptions: '$(maven.opts)'
        publishJUnitResults: true
        javaHomeOption: JDKVersion
        mavenVersionOption: Default
        sonarQubeRunAnalysis: true
    # Publish Quality Gate Result task
    - task: SonarQubePublish@5
      inputs:
        pollingTimeoutSec: '300'
```
and the sonar profile in our POM looks like this:
```xml
<profile>
    <id>sonar</id>
    <activation>
        <activeByDefault>false</activeByDefault>
    </activation>
    <build>
        <plugins>
            <plugin>
                <groupId>org.sonarsource.scanner.maven</groupId>
                <artifactId>sonar-maven-plugin</artifactId>
                <version>3.7.0.1746</version>
            </plugin>
            <plugin>
                <groupId>org.jacoco</groupId>
                <artifactId>jacoco-maven-plugin</artifactId>
                <version>0.8.2</version>
                <executions>
                    <execution>
                        <id>default-prepare-agent</id>
                        <goals>
                            <goal>prepare-agent</goal>
                        </goals>
                    </execution>
                    <execution>
                        <id>default-report</id>
                        <phase>verify</phase>
                        <goals>
                            <goal>report</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <destFile>${project.build.directory}/jacoco.exec</destFile>
                </configuration>
            </plugin>
        </plugins>
    </build>
</profile>
```
Finally, my deliberately horrible code looks like this (you’ll notice some of the text is copy/pasted verbatim from the SQ example of what NOT to do)
```java
public String ReallyBadFunction(String foo) throws Exception{
    String s = "foo";
    String S = "bar";
    String Q = "for";
    Q = "more badness";
    switch (param) { //missing default clause
        case 0:
            doSomething();
            break;
        case 1:
            doSomethingElse();
            break;
    }
    switch (param) {
        default: // default clause should be the last one
            error();
            break;
        case 0:
            doSomething();
            break;
        case 1:
            doSomethingElse();
            break;
    }
    System.out.println("sq will HATE this");
    //System.out.println("sq will HATE this");
    String Z = foo + Q;
    if (s != S){
        return "";
    }
    s = S;
    if(s != S){
        return "";
    }
    if(true){
        while(Q != "A"){
            int i = 1+1;
        }
        throw new Exception("this should really make ");
    }
    return s+S;
}
```
Anyone have any ideas? I’ve searched the Internet and these forums for close to a week now looking for ideas, and I’ve tried everything I’ve come across, but with no success.
I would greatly appreciate any ideas anyone may have about how to get this sorted, or even ideas on how to troubleshoot further.
Thanks in advance